What is Scarab-Zzz?
The month was marked by releasing several viruses from Scarab developers such as Crash, Gefest, and Zzz. In this article, we will dwell on the last one. Scarab-Zzz is a ransomware virus that gets on victim’s computer by means of fraudelent spam emails, fake updaters and scam sites. If you haven’t been acquainted with the term “ransomware” yet, it’s a kind of virus that starts to encrypt targeted data after penetration. Once data is encoded, the user will not be able to use them. In so doing, hackers motivate users to buy decryptor. Still, you may remove Scarab-Zzz Ransomware and decrypt .zzzzzzzz files without paying anything.
Scarab-Zzz Ransomware encrypts files using AES encryption algorithm which makes unreadable. In so doing, each infected file will be renamed and appended with .zzzzzzzz extension. For example, myfamily.jpg turns into 7dmdXPFuP4Ld0NHo1XD.zzzzzzzz. Users are also provided instructions to recover encrypted files in form of TXT file (HOW TO RECOVER FILES.TXT) which is placed on the desktop:
—= ^_^ Your files are now encrypted!! ^_^ =—
Attention!
All your files, documents, photos, databases and other important files are encrypted
The only method of recovering files is to purchase an unique private decryptor. Only we can give you this decryptor and only we can recover your files.
IN ORDER TO PREVENT DATA DAMAGE:
* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.
Now you should send us email with your key identifier and version.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins or Dash. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
If the payment isn’t made with in 5 days the cost of decrypting files will be doubled
We can give you free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 100kb (non archived), and files should not contain valuable information (databases, backups, large excel sheets, etc.).
You can contact us in these email address: —– rohitramses@protonmail.com —or— rohitramses@tutanota.com ——
If you don’t get a reply or if the email dies, then contact us using Bitmessage.
Download it form here: https://bitmessage.org/wiki/Main_Page
Run it, click New Identity and then send us a message at BM-2cSzfawmdGKeT8ny99qtMeiGb27TcVBJXz
I don’t have Bitcoin (BTC) or DASH (DSH). How can I make the payment?
* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price:
https://localbitcoins.com/buy_bitcoins
* Also you can find other places to buy Bitcoins and beginners guide here:
* https://buy.bitcoin.com/
* https://coinmonitor.io/en/
* https://coinmama.com/
* https://changelly.com/
* https://payeer.com/
* https://cex.io/
Version: 1.1
Your Key Indentifier:
+4IAAAAAAACqJ***29gER3Q
Here is used a typical scheme of all ransomware-type viruses – to intimidate victims and make them pay. The only differences between them are the ransom price and encryption method. In return, they are supposed to send you decryption key, however, as practice shows that cyber-criminals most often ignore people after payment is done. That’s why there is no need to contact them, it wouldn’t help. Still, you should focus on removing Scarab-Zzz ransomware and then on decrypting files. You have 2 ways: automatic and manual, both solutions are presented here, but you should know that last one may require certain skills and knowledge while an automated removal tool can do this in just a few clicks.
How to remove Scarab-Zzz from your computer?
You may try to use anti-malware tool to remove Scarab-Zzz ransomware from your computer. Newly advanced ransomware detection technology is able to run an instant ransomware scan, which is perfect to protect your computer in case of a new ransomware attack.
How to decrypt files encrypted by Scarab-Zzz?
Decrypt .zzzzzzzz files manually
Once you’ve removed the virus, you are probably thinking of recovering files from encryption. Let’s take a look at possible ways of decrypting your data.
Restore data with Data Recovery
- Download and install Data Recovery
- Select drives and folders with your files, then click Scan.
- Choose all the files in a folder, then press on Restore button.
- Manage export location.
Restore data with automated decryption tools
Unfortunately, due to the novelty of Scarab-Zzz ransomware, there are no available automatic decryptors for this encryptor yet. Still, there is no need to invest in the malicious scheme by paying a ransom. You are able to recover files manually.
You can try to use one of these methods in order to restore your encrypted data manually.
Restore data with Windows Previous Versions
This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows saves copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take following steps:
- Open My Computer and search for the folders you want to restore;
- Right-click on the folder and choose Restore previous versions option;
- The option will show you the list of all the previous copies of the folder;
- Select restore date and the option you need: Open, Copy and Restore.
Restore the system with System Restore
You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.
- Type restore in the Search tool;
- Click on the result;
- Choose restore point before the infection infiltration;
- Follow the on-screen instructions.
Restore data with Shadow Explorer
Shadow Explorer is an application that is able to provide you with Shadow Copies created by the Windows Volume Shadow Copy Service.
- Once you’ve downloaded this application, open a folder with it;
- Right-click on the file ShadowExplorer-0.9-portable and choose Extract all option;
- Run ShadowExplorerPortable.exe;
- Look at the left corner, there you can choose desired hard drive and latest restore option;
- On the right side you can see the list of files. Choose any file, right-click on it and select Export option.
Restore data with Recuva
Recuva is a data Scarab-Zzz program for Windows, developed by Piriform. It is able to recover files that have been “permanently” deleted and marked by the operating system as free space.
- Once you’ve downloaded and installed this application, start it in Wizard mode: choose the Options button and then select Run Wizard;
- You will see Welcome to the Recuva Wizard page, choose Next;
- Open the File Type page and choose the type of data you need to recover, after select Next. If you don’t know what kind of data you are looking for, choose Other option;
- Choose the location of a search in the File Location window;
- In the Thank you window, select Start. After finishing searching process, Recuva will show you the results of search;
- Before recovering of the data, choose the Check Boxes near the file. You can see three types of colored dots. Green dot means that your chance to restore file is excellent. Orange one – chance to restore file is acceptable. And the red one shows you that it’s unlikely to happen;
- Select Recover option and choose the directory of the restored data.